2 minute read
Device ID
Volume: 08 Issue: 06 | June 2021 www.irjet.net p-ISSN: 2395-0072
A Deep-dive Analysis on WhatsApp Artifacts and their Relevance in Crime Investigation
Advertisement
Nagendar Rao Koppolu
Inspector of Police (In-charge State Cyber Vertical), Telangana Police Department, Hyderabad --------------------------------------------------------------------------*** --------------------------------------------------------------------------Abstract: Today, most crime scenes involve Information and Communications Technology (ICT) devices such as mobile phones and tablets. Among them, popular Instant messaging applications such as WhatsApp are used widely for communication purposes. Criminals are taking advantage of its end-to-end encryption feature. Criminals are using the encrypted communication medium to commit a crime. It has become a challenge for Law enforcement agencies (LEA's) to gather the potential evidence from such devices for evidence purposes. Extracting device information is the prime concern of an investigating officer (IO) using forensically sound methods. This paper discusses WhatsApp data obtained from Android and iOS platforms such as account information, contacts and communication link between users and Deleted information.
Keywords: Digital Forensics, Mobile Forensics, WhatsApp, Mobile Acquisition, Mobile Extraction
1. INTRODUCTION
According to a study conducted by Statista, as of January 2021, WhatsApp is the most popular messenger application with 2 billion active users worldwide [7] and India has 390.1 million monthly WhatsAppactive users [5]. The majority of individuals, businesses are using WhatsApp for day-to-day communications. Whereas, Criminals and fraudsters are using the WhatsApp application to commit a crime. Therefore, WhatsApp data has become crucial for the investigation. The average WhatsApp user on Android spends 38 minutes per day on the app [9] and more than 100 billion messages are sent each day on WhatsAppin December 2020 [6][10]. Based on Global Web Index data, the WhatsAppworldwide user base consists of 45.5% female users and the remaining 54.5% are males. WhatsApphas a client application and a business application, accessed from mobile devices and desktop computers. One must be connected to the internet to use this application.
WhatsApp messenger provides services like - 1. Sending text messages 2. Audio and video call 3. Multimedia sharing like audio, video, image, and documents4. Location sharing and 5. Money transfer. WhatsAppcommunication can be between two users or a group of users or a business to a user. All WhatsApp communications are end-to-end encrypted, which means all communication is encrypted and no one can see what data is exchanged using WhatsApp. A WhatsAppgroup can contain 256 users as group members [4]. This application is available for both Android and IOS devices and downloaded from both Appstore and Play store.
The technology used in WhatsApp is Extensible Messaging and Presence Protocol (XMPP) to exchange data. XMPP is the
Extensible Messaging and Presence Protocol, a set of open technologies for instant messaging, presence (user's online/ offline status), multi-party chat, voice and video calls, collaboration (users working together from various locations), lightweight middleware, content syndication, and generalized routing of XML data. XMPP specifications were published as RFC 3920 and
RFC 3921 in the year 2004. In addition, Internet Engineering Task Force (IETF) has formalized the core XML streaming protocol as an instant messaging and presence technology.
3. WhatsApp Security Architecture
WhatsApp uses end-to-end encryption to secure messages between the sender and recipient devices until they change their device or re-install the application on their device. As mentioned in their technical specifications, WhatsApp uses three different keys for encryption -Public key, Session key and Private key [2].
